17:04, EET
December 20, 2021
Hello,
I’m a newbie to the OPC UA / Prosys OPC UA Java SDK world and I’m having some problems configuring the server.
I understood that it is not possible to start the server without first setting the ApplicationIdentity.
The ApplicationIdentity requires a certificate as a mandatory parameter but I cannot use it:
https://forum.prosysopc.com/forum/opc-ua-java-sdk/server-without-certificates/
I am using the method:
ApplicationIdentity.loadOrCreateCertificate
to create an ApplicationIdentity, but when the OPC UA client tries to connect i get the BadCertificateUntrusted error because the server is using a self-signed certificate.
I cannot install the Self-Signed Certificate as a Trusted Root CA and i cannot change the client settings.
As a workaround i had thought to delete the ServerCertificate parameter from the GetEndPointsResponse payload in order to skip the certificate check performed by the client.
Is it possible to modify the GetEndPoints service response sent by the server?
I am using prosys-opc-ua-java-sdk-client-server-3.1.2-488.
Thanks,
Francesco
10:37, EET
December 20, 2021
UPDATE
prosys-opc-ua-java-sdk-client-server depends on:
opc-ua-stack lib (https://github.com/OPCFoundation/UA-Java-Legacy)
I modified the class:
/opc-ua-stack/src/main/java/org/opcfoundation/ua/application/Server.java
row: 490
…
desc.setServerCertificate (ByteString.valueOf (keypair.getCertificate (). getEncoded ()));
EndpointDescription desc = new EndpointDescription();
desc.setEndpointUrl( ep.getEndpointUrl() );
desc.setSecurityMode( msm );
desc.setSecurityLevel( UnsignedByte.valueOf(securityLevel) );
desc.setSecurityPolicyUri( securityPolicyUri );
desc.setServer( ap );
// TEST ServerCerticate
// desc.setServerCertificate(ByteString.valueOf(keypair.getCertificate().getEncoded() ));
…
and now the client connects successfully
13:13, EET
April 3, 2012
Hi,
As an SDK-level API user, you should basically not interact with the “stack” at all, expect when something from it was in the public APIs of the SDK (our mistake 10 years ago, but hard to fix without breaking half of the methods, so it has not been done). Also SDK 4.x does not depend on “the stack” anymore. Also doing anything in the old legacy “stack” would in general assume the user to know exactly what they are doing, effectively being an “OPC UA Expert”. Not something you should be doing if you have just started OPC UA.
Also, please note that the “Stack” is basically discontinued as reads on the README on (https://github.com/OPCFoundation/UA-Java-Legacy) :
“This repository is provided by OPC Foundation as legacy support for an Java version for OPC UA. It will not receive further features and updates.”
In general I would recommend updating to SDK 4.x due to the fixes we have made during the years, https://downloads.prosysopc.com/opcua/Prosys_OPC_UA_SDK_for_Java_4_Release_Notes.html. It has also received security fixes. Also any updates or fixes we would do for the SDK would be on top of the current 4.x version.
Please note that doing that edit in the stack 3.x dependend would be completely unsupported by us and basically then you are outside of our help. Like, great if it helps you, but a real fix would be to fix the client side to ignore the certificate. In OPC UA 1.01 Servers did always send a certificate and 1.01 Clients might not work if they do not. Later version Clients should ignore the cert if they see it (i.e. if they do not need it). Also, you will need the certificate even in NONE if you need to support any other userauth method than Anonymous (i.e. basically no auth/users), as it is used to transmit the secrects as encrypted.
Most Users Ever Online: 1919
Currently Online:
22 Guest(s)
Currently Browsing this Page:
1 Guest(s)
Top Posters:
Heikki Tahvanainen: 402
hbrackel: 144
rocket science: 88
pramanj: 86
Francesco Zambon: 83
Ibrahim: 78
Sabari: 62
kapsl: 57
gjevremovic: 49
Xavier: 43
Member Stats:
Guest Posters: 0
Members: 728
Moderators: 7
Admins: 1
Forum Stats:
Groups: 3
Forums: 15
Topics: 1529
Posts: 6471
Newest Members:
ellis87832073466, zkxwilliemae, gabriellabachus, Deakin, KTP25Zof, Wojciech Kubala, efrennowell431, wilfredostuart, caitlynfajardo, jeromechubb7Moderators: Jouni Aro: 1026, Pyry: 1, Petri: 0, Bjarne Boström: 1032, Jimmy Ni: 26, Matti Siponen: 349, Lusetti: 0
Administrators: admin: 1